Show HN: Pipelock – All-in-one security harness for AI coding agents

Published: (February 10, 2026 at 07:04 AM EST)
Source: Hacker News

Introduction

I’m a plumber who taught himself to code. I run a plumbing company during the day and mess with my homelab at night. About a year ago I started running AI agents with full shell access and API keys to help manage my business—scheduling, invoicing, monitoring my K3s cluster.

It worked great until I realized nothing was stopping those agents from sending my credentials anywhere. I had API keys for Slack, email, and cloud services stored in environment variables that any tool could exfiltrate. Static scanners can check code before you install it, but they can’t catch a trusted tool that decides to phone home at runtime.

Pipelock

So I built Pipelock, a single Go binary that sits between your AI agent and the outside world.

What it does

  • Outbound secret scanning – Detects API keys, tokens, passwords in traffic and blocks them before they leave.
  • SSRF protection – Blocks network access to unauthorized destinations.
  • MCP proxy – Wraps MCP servers as a stdio proxy, scanning responses for prompt injection.
  • Workspace monitoring – Watches your files for unauthorized changes.

Implementation notes

The hardest part was making it fast enough that you don’t notice its presence. Every HTTP request runs through regex matching and entropy analysis, and I spent a lot of time getting the scanning pipeline under a few milliseconds of latency.
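
The regex-plus-entropy pass described above can be illustrated in Go. This is an added example, not Pipelock's code; the two patterns, the 24-character candidate length, the 4.0 bits-per-character threshold and the function names are assumptions.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
)

// Constructed patterns for two well-known token shapes; real scanners carry many more.
var secretPatterns = map[string]*regexp.Regexp{
	"slack-token":    regexp.MustCompile(`xox[baprs]-[0-9A-Za-z-]{10,}`),
	"aws-access-key": regexp.MustCompile(`AKIA[0-9A-Z]{16}`),
}
// Entropy pass candidates: long runs of key-like characters (assumed minimum 24).
var tokenRe = regexp.MustCompile(`[A-Za-z0-9+/_=-]{24,}`)

// shannonEntropy returns bits per byte of s (0 for the empty string).
func shannonEntropy(s string) float64 {
	counts := map[byte]int{}
	for i := 0; i < len(s); i++ {
		counts[s[i]]++
	}
	h := 0.0
	for _, c := range counts {
		p := float64(c) / float64(len(s))
		h -= p * math.Log2(p)
	}
	return h
}

// scanOutbound returns the reasons to block a request body; empty means allow.
func scanOutbound(body string) []string {
	var hits []string
	for name, re := range secretPatterns {
		if re.MatchString(body) {
			hits = append(hits, "pattern:"+name)
		}
	}
	for _, tok := range tokenRe.FindAllString(body, -1) {
		if shannonEntropy(tok) >= 4.0 { // assumed threshold, tune per traffic
			return append(hits, "high-entropy")
		}
	}
	return hits
}

func main() {
	// Constructed sample body carrying a fake Slack-style token.
	fmt.Println(scanOutbound(`{"debug":"token=xoxb-000000000000-EXAMPLEEXAMPLE"}`))
}
```

The regex pass catches tokens with a known prefix even when their entropy is low, while the entropy pass catches random-looking strings that match no known format.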

The MCP proxy was trickier: intercepting JSON‑RPC stdio streams in real time without breaking the conversation flow when something gets flagged required several iterations.

Real‑world use

I run it daily on my own setup. My AI assistant manages Slack messages, queries our job‑management API, checks email, and monitors my Kubernetes cluster. Pipelock sits in front of all of it.

Last week it caught a skill that was embedding my Slack token in a debug log heading to an external endpoint—something I would never have noticed without the DLP scanner.

Snyk recently found that 283 out of 3,984 published agent skills (about 7 %) were leaking credentials. Static scanning catches malware; runtime scanning catches everything else.

Getting started

brew install luckyPipewrench/tap/pipelock
pipelock generate config --preset balanced -o pipelock.yaml
pipelock proxy start --config pipelock.yaml

Demo

asciinema demo

Feedback wanted

I’m curious about:

  • Exfiltration patterns I might be missing.
  • Whether the MCP proxy is useful for people running coding agents.
  • What breaks if you try it in different environments.

Feel free to share thoughts and suggestions.
